Field | Value
---|---
File name | Request for Quote (RFQ) No. 6654-SOSi.eml
Full analysis | https://app.any.run/tasks/5320ae3a-0eae-4680-aacc-f45302d08660
Verdict | Malicious activity
Analysis date | December 06, 2018, 10:09:14
OS | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators | —
MIME | message/rfc822
File info | SMTP mail, ASCII text
MD5 | 2C893E97CA92CEA617A1743B5A188217
SHA1 | F42FC3C1CA7B60B42899A71BFEAAAE7367681648
SHA256 | 63395420E6C6BAD3A9F79116FEE0D1B86F8B52DAA4B76F93AEF2732436DDBEBE
SSDEEP | 6144:NkM0HPIGY+Ms3d6SVuUe1X/+FXcuD62zfPD7DFl0mzpk4XgD+Mpx:uvIGzB3o2uzWFXd62zXD7kyk4QD1px
Extension / detected type | .eml: E-Mail message (Var. 1) (100)
PID | CMD | Path | Indicators | Parent process | Details
---|---|---|---|---|---
2864 | "C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE" /eml "C:\Users\admin\AppData\Local\Temp\Request for Quote (RFQ) No. 6654-SOSi.eml" | C:\PROGRA~1\MICROS~1\Office14\OUTLOOK.EXE | — | explorer.exe | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Outlook; Version: 14.0.6025.1000
2824 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | OUTLOOK.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Word; Version: 14.0.6024.1000
2580 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /n "C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\WFYBA366\Pricing Template - 6654.doc" | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | OUTLOOK.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: MEDIUM; Description: Microsoft Word; Version: 14.0.6024.1000
2152 | "C:\Program Files\Microsoft Office\Office14\WINWORD.EXE" /Embedding | C:\Program Files\Microsoft Office\Office14\WINWORD.EXE | — | WINWORD.EXE | User: admin; Company: Microsoft Corporation; Integrity Level: LOW; Description: Microsoft Word; Version: 14.0.6024.1000
3804 | "C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE" -Embedding | C:\Program Files\Common Files\Microsoft Shared\EQUATION\EQNEDT32.EXE | — | svchost.exe | User: admin; Company: Design Science, Inc.; Integrity Level: MEDIUM; Description: Microsoft Equation Editor; Version: 00110900
PID | Process | Filename | Type | MD5 | SHA256
---|---|---|---|---|---
2864 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\CVR9570.tmp.cvr | — | — | —
2864 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\tmp9774.tmp | — | — | —
2864 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\WFYBA366\Pricing Template - 6654 (2).doc:Zone.Identifier:$DATA | — | — | —
2580 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\CVR4807.tmp.cvr | — | — | —
2864 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Temp\OICE_CFD4BD2C-D930-4667-88E7-FC3D77851E90.0\BE328396.doc:Zone.Identifier:$DATA | — | — | —
2580 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\OICE_BC836785-F13D-469D-A8B5-BFF75FBF36CB.0\E01E0C9.doc:Zone.Identifier:$DATA | — | — | —
2864 | OUTLOOK.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$rmalEmail.dotm | pgc | 89FFC7CFC68DE9A85B22D622AEFEC30A | E3FCC7F1C12D962062451EC29A0A55EFF7CFEC69524AB1527DC15131B8DADA4E
2580 | WINWORD.EXE | C:\Users\admin\AppData\Roaming\Microsoft\Templates\~$Normal.dotm | pgc | A34D01D293B62E367D0CD35AB500236A | FBEF171FD40DC6192C08D963F36550B87774DFC9D840BDB10385EACF87BE0A35
2864 | OUTLOOK.EXE | C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Outlook\WFYBA366\Pricing Template - 6654.doc | text | 6F764AFEE5C868E0B4E60AD5C848224D | E327748B7BDDE7DC3967E2617A5A357ACA6B0C194B0856FA505E6A601C4AC186
2580 | WINWORD.EXE | C:\Users\admin\AppData\Local\Temp\OICE_BC836785-F13D-469D-A8B5-BFF75FBF36CB.0\E01E0C9.doc | text | 6F764AFEE5C868E0B4E60AD5C848224D | E327748B7BDDE7DC3967E2617A5A357ACA6B0C194B0856FA505E6A601C4AC186
PID | Process | Method | HTTP Code | IP | URL | CN | Type | Size | Reputation
---|---|---|---|---|---|---|---|---|---
2864 | OUTLOOK.EXE | GET | 404 | 64.4.26.155:80 | http://config.messenger.msn.com/config/msgrconfig.asmx?op=GetOlcConfig | US | xml | 345 b | whitelisted
3804 | EQNEDT32.EXE | GET | 404 | 67.199.248.10:80 | http://bit.ly/2zxTNE5 | US | xml | 345 b | shared
PID | Process | IP | Domain | ASN | CN | Reputation
---|---|---|---|---|---|---
3804 | EQNEDT32.EXE | 67.199.248.10:80 | bit.ly | Bitly Inc | US | shared
2864 | OUTLOOK.EXE | 64.4.26.155:80 | config.messenger.msn.com | Microsoft Corporation | US | whitelisted
Domain | IP | Reputation
---|---|---
config.messenger.msn.com | | whitelisted
bit.ly | | shared